> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getunblocked.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Google Workspace

> How to set up Google Workspace with Unblocked

Centralize your team's access to Unblocked by connecting it to Google Workspace.

## Configure Single Sign-On

Follow the steps below to configure single sign-on for Google Workspace.

<Steps>
  <Step title="Go to the Unblocked SSO Settings">
    Navigate to the **Settings** section of the Unblocked web app.
    Under Team Settings, select **Security**.
    Locate the Single Sign-On section and click **Configure**.

    <img src="https://mintcdn.com/unblocked/6EnUukZ0PqneZZya/img/sso/saml-unconfigured.png?fit=max&auto=format&n=6EnUukZ0PqneZZya&q=85&s=8a085ce78bd64c22e88430e6ded14685" alt="SSO Configuration" width="2880" height="1821" data-path="img/sso/saml-unconfigured.png" />
  </Step>

  <Step title="Create a Google SAML App">
    From your Google Workspace Admin dashboard, go to **Web and mobile apps**.
    Then, from the **Add app** dropdown, select **Add custom SAML app**.
  </Step>

  <Step title="Enter App details">
    Enter "Unblocked" as the app name and click **Continue**.
  </Step>

  <Step title="Copy Google Identity Provider details into Unblocked">
    Copy the following three values from the SAML application into the Configure SSO form in Unblocked:

    * `SSO URL`
    * `Entity ID`
    * `Certificate`
  </Step>

  <Step title="Configure SAML Settings">
    On the Service provider details page, enter the following:

    * ACS URL: provided from Unblocked
    * Entity ID: provided from Unblocked
    * Name ID format: `EMAIL`
    * Name ID: `Basic Information > Primary email`
  </Step>

  <Step title="Configure Attribute Mapping">
    Enter the following three attribute statements:

    | Google Directory Attribute | Value       |
    | :------------------------- | :---------- |
    | `Primary email`            | `email`     |
    | `First name`               | `firstName` |
    | `Last name`                | `lastName`  |
  </Step>

  <Step title="Click Finish">
    Click **Finish** to save your changes.
  </Step>

  <Step title="Assign Users">
    On the next page, assign users and groups to the Google SAML application to grant them access to Unblocked.
  </Step>
</Steps>

## Enforce SSO

Once SSO is configured, you can enforce its use for your team.
This means all team members will be required to sign in using your SSO provider.

There are two enforcement options:

* **SSO Only**:
  Users will be required to sign in to Unblocked using SSO.
  You may need to sign in with SSO before enabling this option.

* **SSO, a Source Code System, or Slack**:
  Users can sign in using either SSO, their source code system (e.g., GitHub, Bitbucket, or GitLab), or Slack.

<img src="https://mintcdn.com/unblocked/6EnUukZ0PqneZZya/img/sso/enforce/sso-enforce-off-zoom.png?fit=max&auto=format&n=6EnUukZ0PqneZZya&q=85&s=2027f8e85edbc59c56fdc8a6894397e8" alt="SSO Enforcement Options" width="1748" height="1114" data-path="img/sso/enforce/sso-enforce-off-zoom.png" />

## Allowed Email Domains

Verifying a domain ensures that users who enter an email address from that domain on the Unblocked sign-in page are automatically directed to your SSO login.
This creates a seamless login experience and routes users through the correct authentication flow.

You can add multiple domains to enable SSO login detection for users with different email addresses.
To verify a domain:

<Steps>
  <Step title="Add Domain">
    Click **Add Domain** and enter the domain name you want to verify.
  </Step>

  <Step title="Verify Domain">
    Unblocked will prompt you to add a TXT record to your DNS settings to complete the verification.
  </Step>
</Steps>

Once the domain is verified, any user who enters an email address matching that domain on the Unblocked sign-in page will see the SSO login option for your SAML provider.

Verifying a domain only controls the visibility of the SSO login option and does not automatically grant access to
your Unblocked team. Access to Unblocked is still managed through user and group assignments in your identity provider (IdP).

## Download Unblocked Logo

To help your users easily recognize Unblocked in their identity provider dashboard,
download the Unblocked logo for use in your SSO application.

<img src="https://mintcdn.com/unblocked/soZi90zJ9_abJhu-/img/brand/unblocked-512x512.png?fit=max&auto=format&n=soZi90zJ9_abJhu-&q=85&s=1dddee26e2a67f4de23cb62f773c2319" alt="Unblocked Logo" width="50%" data-path="img/brand/unblocked-512x512.png" />